US firm pushed to brink by China hack attack

A family-owned firm came under relentless assault after accusing China of pirating its software to build the Green Dam cybercensor

By Michael Riley / Bloomberg

As far as Milburn knew, though, his attackers could have been anyone from seasoned professionals to hacktivists tapping on a keyboard in a Beijing basement, he says.

The more urgent question was whether the attackers were behind the strange things that began happening in his network.

DiPasquale was at her desktop computer, helping the company’s attorneys with research sometime in August, when she noticed the light on her webcam come on. A few days later, a message flashed on her laptop indicating that the camera on that machine had been activated as well. She made an alarmed call to Milburn. After learning that Chinese hackers had eavesdropped on the Dalai Lama and his staff using their own computers, he went through the office, covering every webcam and microphone with black electrical tape.

Then the company’s e-mail servers began shutting down, sometimes two or three times a week, slowing e-mail traffic, the main way the company provides customer service. Similar problems began plaguing the Web servers — a bigger problem since Web sales of CYBERsitter supply more than half of Solid Oak’s revenue. By September and October, Web site sales were off 55 percent from mid-year and Milburn was struggling to figure out how the hackers might be behind it.

“I panicked,” says Milburn, who combines a beachcomber’s countenance with the nervous energy of a workaholic. “What the hell is happening to my income, where is the money going, why aren’t we getting orders?”

“This slow realization came that, wait a second, they’re coming after us now,” says DiPasquale, who felt she could no longer trust her own computer. “It was very scary.”

Milburn had contacted the FBI after the flurry of e-mail assaults, and an agent from the Seattle field office called and took details, including samples of the malware and, later, server logs, he says.

However, the agency shed almost no light on the situation, he says, and he was never told if the material was useful.

That does not mean the bureau was in the dark about Milburn’s attackers. US law enforcement and intelligence officials had amassed a long dossier on the group, which they had been tracking since 2002, according to leaked cables and two people familiar with government investigations into the group.

Laura Eimiller, an FBI spokeswoman in Los Angeles, said the bureau could not comment on its interactions with Solid Oak or any investigation.

Milburn forged ahead in court in an attempt to win damages for the alleged theft. He and his small team of lawyers had spent six months analyzing the similarities in the two software programs. He filed suit in January 2010 against the Chinese government and two Chinese software companies that had developed Green Dam.

Milburn’s suit also named seven big computer manufacturers, including Sony and Lenovo Group, which the suit alleges had begun installing or distributing the software in the program’s early phases.

As in the digital fight, not all of Milburn’s legal adversaries were what they seemed. Zhengzhou Jinhui Computer System Engineering Co, one of the two Chinese companies that developed Green Dam, had ties to the People’s Liberation Army University, a research center for China’s military, according to a June 2009 US embassy diplomatic cable published by WikiLeaks the following year.